In today’s cybersecurity news…
Alabama Department of Education suffers data breach
Financially motivated foreign threat actors are suspected of being behind a breach at the Alabama State Department of Education, which occurred as a result of a cyberattack on June 17. The incident was intended to be a ransomware attack, but that part was successfully thwarted by the Department’s cybersecurity defenses and staff. However, some data was exfiltrated. Officials say this may include student and employee data – they are still trying to determine exactly what might have been stolen – but they affirm that employee bank account and direct deposit information was not compromised since it is not stored on state servers.
New York Times claims hackers stole OpenAI secrets in a 2023 security breach
According to the news outlet, attackers “gained access to the internal discussions among researchers and other employees, but they did not access the source code of the company’s systems.” OpenAI did not publicly announce the breach because “no information about customers or partners had been stolen” and they believe the perpetrator to be a lone hacker and not an organized crime gang or nation-state hacker.
RansomHub claims to have published Florida health department data
According to news outlet Statescoop, the cybercrime group RansomHub has published 100 gigabytes of data stolen from the Florida Department of Health. The leak was made after the Department declined to pay a ransom in accord with CISA guidelines. This is the latest in a slate of attacks on state agencies in recent days, including the Alabama Department of Education just mentioned as well as the New Mexico public defender’s office.
Ticketmaster pushes back on claims of stolen barcodes for Taylor Swift concerts
Ticketmaster has debunked claims made on the dark web by hackers that they have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events. One hacker was offering around 170,000 barcodes for sale, averaging 20,000 for sale at each show. The hacker also threatened Ticketmaster with more leaks if they were not paid $2 million. These included 30 million more barcodes for NFL games, Sting concerts, and many more. Speaking to Recorded Future News, a spokesperson for Ticketmaster said its SafeTix technology “protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied.” Live Nation, the parent company of Ticketmaster, was one of the organizations that suffered a breach of customer account information during the attack on data storage platform Snowflake.
Cloudflare blames recent outage on BGP incident
Cloudflare is reporting that its DNS resolver service, 1.1.1.1, recently became temporarily “unreachable or degraded for some of its customers” due to a combination of Border Gateway Protocol (BGP) hijacking and a route leak. “This occurred on June 27 and affected 300 networks in 70 countries.” Despite these numbers, the incident did not cause much damage: the company says that the impact was “quite low” and in some countries users did not even notice it. The incident occurred when the Brazilian internet platform Eletronet S.A. sent out a competing DNS message prompting internet traffic to follow it as the most specific route. The incident does not appear to have been malicious, but it has resulted in Cloudflare amping up its long-term solutions, a summary of which is available in the show notes to this episode.
Google now pays $250,000 for KVM zero-day vulnerabilities
This is part of kvmCTF, a vulnerability reward program first announced in October 2023. Its goal is to “improve the security of the Kernel-based Virtual Machine (KVM) hypervisor.” It now offers $250,000 bounties for full VM escape exploits. This reflects the significance of KVM for consumer and enterprise settings, a key source of the power behind Android and Google Cloud platforms. Researchers who enroll in the program will be given access to a controlled lab environment where they can use exploits to capture flags. The program will focus on zero-day vulnerabilities and not on exploits that target known vulnerabilities.
Australian man charged for fake Wi-Fi scam on plane
An Australian man has been charged with running a Wi-Fi access point during a domestic flight. His goal was to steal user credentials and data. Australian Federal Police (AFP) stated the unnamed man was charged with three counts of unauthorized impairment of electronic communication and three counts of possession or control of data with the intent to commit a serious offense. The technique is known as an evil twin Wi-Fi attack, and he was discovered when airline employees noted the suspicious Wi-Fi network during a flight. Perhaps we can call this story “Fakes on a Plane.”






